build(biji-houdaun): 优化生产环境配置并调整安全设置
- 修改 pom.xml,使用 spring-boot-maven-plugin 排除生产环境依赖 - 重构 SecurityConfig,简化公共端点配置并移除环境判断逻辑
This commit is contained in:
ikmkj
@@ -189,21 +189,26 @@
|
||||
<!-- 生产环境排除Knife4j和springdoc -->
|
||||
<profile>
|
||||
<id>prod</id>
|
||||
<dependencies>
|
||||
<!-- 排除Knife4j API 文档 -->
|
||||
<dependency>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||
<configuration>
|
||||
<excludes>
|
||||
<exclude>
|
||||
<groupId>com.github.xiaoymin</groupId>
|
||||
<artifactId>knife4j-openapi3-jakarta-spring-boot-starter</artifactId>
|
||||
<version>${knife4j.version}</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
</exclude>
|
||||
<exclude>
|
||||
<groupId>org.springdoc</groupId>
|
||||
<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
|
||||
<version>2.7.0</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</exclude>
|
||||
</excludes>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
</profiles>
|
||||
|
||||
|
||||
@@ -8,7 +8,6 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.env.Environment;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
@@ -18,8 +17,6 @@ import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig {
|
||||
@@ -36,9 +33,6 @@ public class SecurityConfig {
|
||||
@Autowired
|
||||
private JwtAccessDeniedHandler jwtAccessDeniedHandler;
|
||||
|
||||
@Autowired
|
||||
private Environment environment;
|
||||
|
||||
@Value("${jwt.header}")
|
||||
private String tokenHeader;
|
||||
|
||||
@@ -54,26 +48,18 @@ public class SecurityConfig {
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter = new JwtAuthenticationTokenFilter(userDetailsService, jwtTokenUtil, tokenHeader, tokenHead);
|
||||
|
||||
// 检查当前激活的profile中是否包含 "prod"
|
||||
boolean isProd = Arrays.asList(environment.getActiveProfiles()).contains("prod");
|
||||
|
||||
// 根据环境动态设置白名单
|
||||
String[] publicEndpoints = isProd ?
|
||||
new String[]{"/api/user/login", "/api/user/register"} :
|
||||
new String[]{
|
||||
http
|
||||
.csrf(csrf -> csrf.disable())
|
||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
.authorizeHttpRequests(authz -> authz
|
||||
// 1. 始终允许的核心公共端点 (登录、注册、API文档)
|
||||
.requestMatchers(
|
||||
"/doc.html",
|
||||
"/webjars/**",
|
||||
"/v3/api-docs/**",
|
||||
"/api/user/login",
|
||||
"/api/user/register"
|
||||
};
|
||||
|
||||
http
|
||||
.csrf(csrf -> csrf.disable())
|
||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
.authorizeHttpRequests(authz -> authz
|
||||
// 1. 动态允许公共端点
|
||||
.requestMatchers(publicEndpoints).permitAll()
|
||||
).permitAll()
|
||||
|
||||
// 2. 精确允许用于“公开阅读”的 GET 请求
|
||||
.requestMatchers(org.springframework.http.HttpMethod.GET,
|
||||
|
||||
Reference in New Issue
Block a user